Closed
Bug 1425826
Opened 6 years ago
Closed 6 years ago
[Static Analysis] Dereference of null return value in BinASTParser::parseBlockStatementAux
Categories
(Core :: JavaScript Engine, enhancement, P1)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
mozilla59
Tracking | Status | |
---|---|---|
firefox59 | --- | fixed |
People
(Reporter: andi, Assigned: andi)
References
(Blocks 1 open bug)
Details
(Keywords: coverity, Whiteboard: CID 1426305)
Attachments
(1 file)
A possible null pointer dereference can occur in the following context:
>> // In case of absent optional fields, inject default values.
>> if (!body)
>> body = factory_.newStatementList(tokenizer_->pos());
>>
>> MOZ_TRY_VAR(body, appendDirectivesToBody(body, directives));
I think we can avoid this by packing | newStatementList | call with TRY_DECL.
Comment hidden (mozreview-request) |
Comment 2•6 years ago
|
||
mozreview-review |
Comment on attachment 8937418 [details] Bug 1425826 - prevent null pointer dereference in BinASTParser::parseBlockStatementAux. https://reviewboard.mozilla.org/r/208092/#review214458 r=me with the one comment addressed. ::: js/src/frontend/BinSource.cpp:338 (Diff revision 1) > } > } > > // In case of absent optional fields, inject default values. > if (!body) > - body = factory_.newStatementList(tokenizer_->pos()); > + TRY_DECL(body, factory_.newStatementList(tokenizer_->pos())); This seems like it would be a syntax error. Does it compile? I think it needs to be `TRY_VAR` instead of `TRY_DECL`.
Attachment #8937418 -
Flags: review?(jorendorff) → review+
Updated•6 years ago
|
Priority: -- → P1
Comment hidden (mozreview-request) |
Pushed by bpostelnicu@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/4d07f50ba637 prevent null pointer dereference in BinASTParser::parseBlockStatementAux. r=jorendorff
Comment 5•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/4d07f50ba637
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla59
You need to log in
before you can comment on or make changes to this bug.
Description
•